diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml
index ad7a4c7..4533567 100644
--- a/ci/podTemplate.yaml
+++ b/ci/podTemplate.yaml
@@ -7,12 +7,12 @@ spec:
     - -c
     - |
       trap 'kill $!; exit' TERM
-      rm -f ~/.config/containers/storage.conf
       sleep infinity &
       wait
     securityContext:
       runAsUser: 1000
       runAsGroup: 1000
+      readOnlyRootFilesystem: true
     resources:
       limits:
         github.com/fuse: 1
@@ -21,5 +21,31 @@ spec:
       requests:
         cpu: 6
         memory: 8G
+    volumeMounts:
+    - mountPath: /home/build
+      name: tmp
+      subPath: home
+    - mountPath: /home/build/.local/share/containers
+      name: data
+      subPath: containers
+    - mountPath: /tmp
+      name: tmp
+      subPath: tmp
+    - mountPath: /var/tmp
+      name: data
+      subPath: tmp
   tolerations:
   - key: du5t1n.me/jenkins
+  volumes:
+  - name: data
+    ephemeral:
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+          - ReadWriteOnce
+          resources:
+            requests:
+              storage: 10Gi
+  - name: tmp
+    emptyDir:
+      medium: Memory